{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7355", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-04-28T20:02:45.860Z", "datePublished": "2026-04-28T22:36:09.280Z", "dateUpdated": "2026-04-28T22:36:09.280Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "147.0.7727.138", "status": "affected", "lessThan": "147.0.7727.138", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use after free", "cweId": "CWE-416"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-04-28T22:36:09.280Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}, {"url": "https://issues.chromium.org/issues/498285711"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)"}], "id": "CVE-2026-7355", "lastModified": "2026-04-28T23:16:23.060", "metrics": {}, "published": "2026-04-28T23:16:23.060", "references": [{"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/498285711"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "chrome-cve-admin@google.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,147.0.7727.138)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-29T03:05:37.368697+00:00", "value": {"mitigation_remediation": ["Update Chrome to version\u202f147.0.7727.138 or later to patch the use\u2011after\u2011free vulnerability (CWE\u2011416).", "Enable automatic updates so that future security fixes are applied without manual intervention.", "As a temporary safeguard, disable video or audio media features that are not essential\u2014this reduces the code paths that could exploit the flaw and mitigates the risk associated with CWE\u2011416 until a patch is fully deployed."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Google Chrome desktop browsers before version 147.0.7727.138 are affected. This issue resides in the Media handling code that processes HTML content loaded into the browser.", "description_and_impact": "The vulnerability is a use\u2011after\u2011free in the Media component of Google Chrome that permits a remote attacker to execute arbitrary code inside the browser\u2019s sandbox by presenting a crafted HTML page. The flaw arises when the browser deallocates memory and subsequently accesses it, allowing the attacker to inject malicious code that can run with the browser process\u2019s privileges.", "risk_and_exploitability": "The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating no currently known public exploitation. The official Chromium severity rating is Medium. The flaw requires a maliciously crafted HTML page served to or opened by the victim. The likely attack vector is a malicious website or drive\u2011by download; it is inferred that the attacker would need to convince the user to load the page. No public exploits have been reported. Once exploited, the attacker can run arbitrary code inside the sandbox, and it is inferred that additional privilege escalation might be possible if the sandbox can be bypassed, although this is not explicitly documented."}}}}, "created": "2026-04-29T01:00:10.587668+00:00", "title": "Use\u2011after\u2011free in Chrome Media Component Enables Remote Code Execution via Crafted HTML", "updated": "2026-04-29T03:15:45.989001+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}